Bower is built for researchers who handle sensitive data. Every feature — from capture to AI processing — is designed with security, privacy, and data isolation as defaults, not afterthoughts.Documentation Index
Fetch the complete documentation index at: https://docs.bowerlabs.ai/llms.txt
Use this file to discover all available pages before exploring further.
Compliance
GDPR
Compliant
SOC 2 Type II
In progress
ISO 27001
In progress
HIPAA
In progress
Security overview
AES-256 encryption
All data encrypted at rest using AES-256. All data in transit encrypted via TLS. No unencrypted paths exist.
Workspace isolation
Full database-level isolation between workspaces, enforced in middleware. No cross-workspace data leakage is possible.
Audit logging
Every create, update, and delete action is logged with who, what, when, and field-level diffs. Exportable to CSV.
Session management
30-minute inactivity timeout. Revoke all sessions instantly from settings. Token expiry enforced server-side.
Role-based access
Five roles — Owner, Admin, Member, Viewer, Guest — with strict hierarchy enforced at the API level.
AI data handling
Your content is processed for inference only. Your data is never used to train AI models.
Compliance & data protection
GDPR compliant
Full data subject rights — export, deletion, and portability. Designated Data Protection Officer. 30-day response SLA on all requests.
Australian Privacy Act
Operated by Benenota Pty Ltd (ABN 60 691 836 085), compliant with the Australian Privacy Principles (APPs).
Your data rights
- Export — download a complete copy of all your personal data as JSON from Settings > Privacy > Export my data
- Delete — permanently remove your account and all associated data from Settings > Security > Danger Zone
- Cookie control — choose exactly which cookies Bower uses, changeable at any time from Settings > Privacy
- DPO contact — reach our Data Protection Officer at privacy@bowerlabs.ai
Infrastructure & sub-processors
All primary data is hosted on Google Cloud Platform (us-central1). Every sub-processor operates under a Data Processing Agreement (DPA).Infrastructure & hosting
Infrastructure & hosting
| Service | Purpose | Location |
|---|---|---|
| Google Cloud Platform | Database, file storage, compute, async jobs | US (us-central1) |
| Firebase Authentication | User authentication (email/password, Google OAuth) | US |
| Cloudflare Turnstile | Bot protection during sign-up | Global (edge) |
AI processing
AI processing
Your content is sent to these providers for inference only. Your data is not used to train AI models.
| Service | Purpose | Location |
|---|---|---|
| Google AI (Gemini, Vertex AI) | AI chat (Bird), live mode, OCR, embeddings | US |
| Google Cloud Speech-to-Text | Voice note transcription | US |
| Anthropic | AI chat (Bird), agent tasks | US |
Policies & documentation
Data privacy
Encryption, workspace isolation, access controls, deletion, and your data rights — the full technical breakdown.
Sub-processors
Complete list of third-party services that process data on behalf of Bower, with DPA coverage.
Cookie policy
What cookies Bower uses, why, and how to control them. Essential vs. analytics categories.
Audit logs
Track every change in your workspace — who did what, when, with field-level diffs.
Password & security
Manage your password, sign-in methods, sessions, and account security settings.
Privacy Policy
Full legal privacy policy — how we collect, use, store, and protect your personal data.
Terms of Service
Terms governing your use of the Bower platform.
Questions?
If you have security questions, need a DPA, or want to report a vulnerability, contact us:- Data Protection Officer: privacy@bowerlabs.ai
- General support: hello@bowerlabs.ai